Edit /etc/sysconfig/iptables
Allow access to the local machine (loopback)
-A INPUT -i lo -j ACCEPT
Allow port 22 (SSH)
-A INPUT -p tcp --dport 22 -j ACCEPT
Allow port 80
-A INPUT -p tcp --dport 80 -j ACCEPT
php-fpm
-A INPUT -p tcp --dport 9000 -j ACCEPT
Block ping
-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
svn
-A INPUT -p tcp --dport 3690 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3690 -j ACCEPT
Allow port 8080
-A INPUT -p tcp --dport 8080 -j ACCEPT
Allow all connections initiated from the server (return traffic for established and related connections)
-I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Deny all other connections
-P OUTPUT ACCEPT
-P INPUT DROP
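
How these rules decide a packet's fate (checked top to bottom, first match wins, policy last) can be seen with a small Python model of the INPUT chain. This is an added example, not part of the original notes; the sample packets and the eth0 interface name are constructed, and the model only understands the options used on this page.

```python
import shlex

# The page's INPUT rules (only INPUT is modelled). -A appends, -I inserts at the top.
RULES = """\
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 9000 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
-A INPUT -p tcp --dport 3690 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3690 -j ACCEPT
-A INPUT -p tcp --dport 8080 -j ACCEPT
-I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-P INPUT DROP
"""

PACKETS = {  # constructed sample packets, keyed by the rules' own option names
    "loopback": {"-i": "lo", "-p": "tcp", "--dport": "3306", "--state": "NEW"},
    "new ssh": {"-i": "eth0", "-p": "tcp", "--dport": "22", "--state": "NEW"},
    "new svn": {"-i": "eth0", "-p": "tcp", "--dport": "3690", "--state": "NEW"},
    "ping": {"-i": "eth0", "-p": "icmp", "--icmp-type": "8", "--state": "NEW"},
    "new mysql": {"-i": "eth0", "-p": "tcp", "--dport": "3306", "--state": "NEW"},
    "reply": {"-i": "eth0", "-p": "tcp", "--dport": "51234", "--state": "ESTABLISHED"},
}

def load(text):
    """Return (ordered INPUT chain, default policy) built from rule lines."""
    chain, policy = [], "ACCEPT"
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[0] == "-P":
            policy = tok[2]
            continue
        # Every option used here takes exactly one value; -m only loads a module.
        opts = {k: v for k, v in zip(tok[2::2], tok[3::2]) if k != "-m"}
        rule = {"line": line, "target": opts.pop("-j"), "match": opts}
        chain.insert(0 if tok[0] == "-I" else len(chain), rule)
    return chain, policy

def verdict(chain, policy, pkt):
    """First matching rule decides; if none matches, the chain policy applies."""
    for rule in chain:
        if all(pkt.get(k) in v.split(",") for k, v in rule["match"].items()):
            return rule["target"], rule["line"]
    return policy, "-P INPUT " + policy

def run():
    return {n: verdict(*load(RULES), p) for n, p in PACKETS.items()}

if __name__ == "__main__":
    print(*(f"{n:10} {t:6} <- {l}" for n, (t, l) in run().items()), sep="\n")
```

The "new svn" packet is decided by the plain port 3690 rule, so the stateful rule on the following line is never reached.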